Comment 6 for bug 1016895

TJ (tj) wrote : Re: smbd crashed with SIGABRT in dump_core()

source3/auth/auth_util.c::create_local_token() will sometimes add an erroneous GID token for the group ID -1, which is treated as an 'unsigned int' and converted to 4294967295 (S-1-22-2-4294967295), resulting in a crash in the syscall to Linux's setgroups().

Additional DEBUG() statements in the source reveal the issue. I'm still working on a fix:

setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Security token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_privileges: No privileges assigned to SID [S-1-22-1-0]
get_privileges: No privileges assigned to SID [S-1-22-2-0]
get_privileges_for_sids: sid = S-1-1-0
Privilege set: 0x0
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-11]
create_local_token(i=1, server_info->utok.ngroups=0, sid=S-1-22-2-0)
create_local_token(i=2, server_info->utok.ngroups=1, sid=S-1-1-0)
create_local_token(i=3, server_info->utok.ngroups=2, sid=S-1-5-2) // SID_NT_NETWORK
create_local_token(i=4, server_info->utok.ngroups=2, sid=S-1-5-11)
create_local_token(server_info->utok.ngroups=2)
add_sid_to_array_unique(S-1-22-1-0)
create_local_token(server_info->utok.ngroups=2)
add_sid_to_array_unique(S-1-22-2-0)
add_sid_to_array_unique(S-1-22-2-4294967295)
Security token SIDs (6):
  SID[ 0]: S-1-22-1-0
  SID[ 1]: S-1-22-2-0
  SID[ 2]: S-1-1-0
  SID[ 3]: S-1-5-2
  SID[ 4]: S-1-5-11
  SID[ 5]: S-1-22-2-4294967295
 Privileges (0x 0):
 Rights (0x 0):
UNIX token of user 0
Primary group is 0 and contains 2 supplementary groups
Group[ 0]: 0
Group[ 1]: 4294967295
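
The conversion described in the comment above, as an added example (not TJ's code and not Samba's): it shows how a -1 lookup result becomes RID 4294967295, and one way to drop that sentinel from a group list before it is handed to setgroups(). The helper names `gid_to_rid` and `filter_unix_groups` are hypothetical, and the sample group list is constructed to match the log.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

/* (gid_t)-1 is the conventional "no such group" sentinel, never a real GID. */
#define INVALID_GID ((gid_t)-1)

/* Hypothetical helper: a signed -1 stored into an unsigned 32-bit RID
 * wraps to 4294967295, giving the S-1-22-2-4294967295 SID in the log. */
static uint32_t gid_to_rid(int lookup_result)
{
    return (uint32_t)lookup_result;
}

/* Hypothetical helper: compact groups[] in place, dropping the sentinel
 * and duplicate entries. Returns the number of groups that remain. */
static size_t filter_unix_groups(gid_t *groups, size_t n)
{
    size_t out = 0;

    for (size_t i = 0; i < n; i++) {
        int dup = 0;

        if (groups[i] == INVALID_GID)
            continue;                 /* would become Group[1] in the log */
        for (size_t j = 0; j < out; j++) {
            if (groups[j] == groups[i]) {
                dup = 1;
                break;
            }
        }
        if (!dup)
            groups[out++] = groups[i];
    }
    return out;
}

int main(void)
{
    /* Constructed sample: the two supplementary groups from the log. */
    gid_t groups[] = { 0, INVALID_GID };
    size_t n = filter_unix_groups(groups, 2);

    printf("bad SID: S-1-22-2-%u\n", (unsigned)gid_to_rid(-1));
    printf("groups left for setgroups(): %zu\n", n);
    return 0;
}
```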